If that happens, those packages would be available in Observability Serverless projects, but they cannot be installed in those kind of projects. Example of the error raised (link):
Error: can't install the package: could not zip-install package; API status code = 400; response body = {"statusCode":400,"error":"Bad Request","message":"Encountered 17 errors creating saved objects: [{\"type\":\"security-rule\",\"id\":\"0c5a9660-eaa9-11ee-a30d-e7740197132d\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"10359860-1139-11ee-af86-538da1394f27\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"2140f083-6e39-4df4-ba41-aa1f41cb81b8\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"2e5a7e20-1137-11ee-af86-538da1394f27\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"2e9c9ac0-1138-11ee-af86-538da1394f27\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"55faa99b-ce17-4a41-9f63-4a7439e3543a\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"5be38411-3902-4686-8209-1ab75a6d3847\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"6040cb5c-5e01-4f4d-af7f-9ca9c11dbdc7\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"6839b82b-22bf-418f-a86b-7e7a4cd074d7\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"6d34f6dc-4a36-46cd-a4bb-ea2f1a01ab8a\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"867e3450-1139-11ee-af86-538da1394f27\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"934a39a0-1138-11ee-af86-538da1394f27\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"bdf083c5-63cb-41ae-bb7a-563cc4e8719f\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"beeea32f-31ba-4be8-9e2c-14de47280aac\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"c40eaba1-7507-4fe7-aae5-78e59cd7b8f2\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"ccffb8f0-601f-46f6-8ae9-ab8af5e6bbf4\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"d0d735ed-08fe-4393-9aa6-120236995152\",\"error\":{\"type\":\"unsupported_type\"}}]"}
Given that, it would be nice to add a new validation rule into the spec that ensures that if there is any security-rule asset, the package manifest must define the security capability too.
Currently, there are packages that define
security-rulekibana assets but it is not enforced that the capabilitysecurityis defined in the package manifest.Those assets can be added into
kibana/security_rule/*.json.If that happens, those packages would be available in Observability Serverless projects, but they cannot be installed in those kind of projects. Example of the error raised (link):
Given that, it would be nice to add a new validation rule into the spec that ensures that if there is any
security-ruleasset, the package manifest must define thesecuritycapability too.Relates: